OAuth2 Authentication with Google

In this guide, you will learn how to authenticate yourself with Google.

Prerequisites

Create a Google Cloud project

Generate OAuth 2.0 Client IDs

  1. In your Project head to API & Services > Credentials

  2. Click CREATE CREDENTIALS and select OAuth Client ID

  3. Give it name

  4. At Authorized JavaScript origins, add your URIs. This is your instance’s complete URL. For example, https://my-enviroment.neptune-software.cloud

  5. At Authorized redirect URIs, add the following: https://my-enviroment.neptune-software.cloud/user/logon/oauth2/oauth2new/callback

    The folder name in the path between oauth2 and callback will be the Path you will define in the next section.

  6. Copy the following:

    1. Client ID

    2. Client secret

    3. Authorized redirect URI

      These will be used in the next step.

Configure your authentication OAuth2 provider in System Settings

  1. Add a new authentication and choose OAuth2.

    1. Enable Active and Show on login page to have the authentication active and available in the login options.

    2. Add a meaningful Name,Description and Path. In this example, the path is oauth2new.

      Once the path is added, a folder will be created containing all OAuth2 information.

    3. At Authorization URL paste https://accounts.google.com/o/oauth2/v2/auth

    4. At Token URL paste https://oauth2.googleapis.com/token

    5. At Callback URL paste the previously copied Authorized redirect URI

    6. At Redirect URL paste https://my-enviroment.neptune-software.cloud/cockpit.html

    7. Paste the Client ID and Client secret

    8. At Scopes add email. You can always add more or other scopes

    9. At Profile Script paste the following code:

      this._oauth2.get('https://www.googleapis.com/oauth2/v3/userinfo', accessToken, function(err, body, res) {
    const profile = JSON.parse(body);
    done(null, profile)
})

  2. Add your Claims Assignments. For example:

    settings open id claims

  3. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.

    1. Enable Only assign on first login to assign the claims, roles and department only on the first login.

  4. Press OK

  5. Save and Restart the server to apply the changes

Result

You have established an OAuth2 authentication with Google.